Disabling the monzo-token-server
I haven't used this since I wrote it... and now the .tokens attribute is missing and it's screwing up my other deployment... *sigh*
This commit is contained in:
parent
0b34482b6d
commit
4a836f363b
1 changed files with 19 additions and 21 deletions
|
@ -115,27 +115,25 @@ in {
|
|||
rootUrl = "https://git.wpcarro.dev/";
|
||||
};
|
||||
|
||||
systemd.services.monzo-token-server = {
|
||||
enable = true;
|
||||
description = "Ensure my Monzo access token is valid";
|
||||
script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
|
||||
|
||||
# TODO(wpcarro): I'm unsure of the size of this security risk, but if a
|
||||
# non-root user runs `systemctl cat monzo-token-server`, they could read the
|
||||
# following, sensitive environment variables.
|
||||
environment = {
|
||||
store_path = "/var/cache/monzo_ynab";
|
||||
monzo_client_id = readSecret "monzo-client-id";
|
||||
monzo_client_secret = readSecret "monzo-client-secret";
|
||||
ynab_personal_access_token = readSecret "ynab-personal-access-token";
|
||||
ynab_account_id = readSecret "ynab-account-id";
|
||||
ynab_budget_id = readSecret "ynab-budget-id";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
};
|
||||
};
|
||||
# systemd.services.monzo-token-server = {
|
||||
# enable = true;
|
||||
# description = "Ensure my Monzo access token is valid";
|
||||
# script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
|
||||
# # TODO(wpcarro): I'm unsure of the size of this security risk, but if a
|
||||
# # non-root user runs `systemctl cat monzo-token-server`, they could read the
|
||||
# # following, sensitive environment variables.
|
||||
# environment = {
|
||||
# store_path = "/var/cache/monzo_ynab";
|
||||
# monzo_client_id = readSecret "monzo-client-id";
|
||||
# monzo_client_secret = readSecret "monzo-client-secret";
|
||||
# ynab_personal_access_token = readSecret "ynab-personal-access-token";
|
||||
# ynab_account_id = readSecret "ynab-account-id";
|
||||
# ynab_budget_id = readSecret "ynab-budget-id";
|
||||
# };
|
||||
# serviceConfig = {
|
||||
# Type = "simple";
|
||||
# };
|
||||
# };
|
||||
|
||||
services.gitDaemon = {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in a new issue